Exam SY0-701 topic 1 question 96 discussion

CA issues and manages certificates. OSCP - Online Certificate Status Protocol, a protocol that checks a certificate for validity and if its been revoked (by the CA). The answer is OSCP. CA is like Congress, OSCP is like police. Congress records laws and writes them but don't actually enforce anything. Police enforce them

A is the right answer from my point of view. OCSP (Online Certificate Status Protocol): OCSP is used to validate the revocation status of a digital certificate. When a certificate is presented to a user, OCSP allows the recipient to query the Certificate Authority (CA) in real time to check if the certificate has been revoked before its expiration date. This is especially useful for determining whether a certificate is still valid or if it has been revoked due to compromise or other reasons. Relevant to the question: OCSP helps in validating the revocation status of a certificate when it is presented.

Gotta be A. Can't be the CA because the CA issues the certs but isn't referred to for validating them, that's the CRL or OCSP.

A OCSP

It is A OCSP This is a mechanism used to check the validity of a certificate in real time. When a certificate is presented, the user's system queries the OCSP responder to verify that the certificate is still valid and has not be revoked by CA. The CA is responsible for issuing, revoking and managing digital certificates, but it does not perform the real time validation of the certificates.

I don't think they are trying to trick us. I pick the simple answer.

A. Online Certificate Status Protocol is the actual protocol that is validating the request. A CA simply managaes those validations.

When a certificate is presented to a user as written in the scenario(e.g., when visiting a secure website), the system can use OCSP to query the CA’s OCSP responder. This helps determine whether the certificate is still valid or has been revoked. -Real-Time Validation: Unlike Certificate Revocation Lists (CRLs), which are static lists of revoked certificates, OCSP provides dynamic, up-to-date information about the certificate’s status, allowing for timely detection of compromised or invalid certificates. Why this is the best fit: Security Assurance: By using OCSP, systems can ensure that a presented certificate is not only genuine but also has not been revoked due to compromise or other reasons. This real-time validation is critical for maintaining secure communications.

OCSP is used to validate the status of a digital certificate in real-time. When a certificate is presented to a user, the OCSP responder can be queried to check if the certificate is still valid or if it has been revoked. This provides a more efficient and timely method of certificate validation compared to traditional CRL (Certificate Revocation List) checks.

A. OCSP (Online Certificate Status Protocol) OCSP is used to validate a certificate when it is presented to a user by checking the certificate's revocation status. It provides real-time status information about the validity of a certificate, ensuring that it has not been revoked. Therefore, the correct answer is: A. OCSP

the question is tricky. It is basically asking what is "used" to validate a certificate when it is presented to a user. Meaning, what do you use to validate a certificate when giving it to a user to use? a CA. An OCSP checks whether a certificate is valid or revoked, it doesn't validate a certificate. This is how I read the question.

They are looking for the protocol OCSP

A. OCSP

Certificate Authority